Authentication
The LiquidFiles API uses Bearer Token authentication with API keys. LiquidFiles supports two types of API keys:
- Static API keys — persistent keys that won't change unless manually reset by the user or an admin. You can view your static API key on your Account page, or retrieve it via the API.
- Expiring API keys — keys with a configurable expiration period, obtained through a web browser authentication flow that supports two-factor authentication.
Both key types work identically for API authentication. You can view your static API key by looking in your Account page on the LiquidFiles system. You will see something similar to this:
In this case, the users static API key is:
OhuHzkYns0z2vMsTb7CZhK. To authenticate to the LiquidFiles system, you
include the API key in the Authorization header as a Bearer token. An
example using curl would be:
curl -H "Authorization: Bearer OhuHzkYns0z2vMsTb7CZhK" \
-H "Accept: application/json" \
https://liquidfiles.example.com/messages/inboxThe relative url /messages/inbox will list all messages for the user with
the API key: OhuHzkYns0z2vMsTb7CZhK.
Setting the Authorization Header
If your HTTP library doesn't have built-in support for Bearer authentication, the HTTP header to set is:
Authorization: Bearer OhuHzkYns0z2vMsTb7CZhK
Simply set the Authorization header to the word Bearer followed by a space and then the API key. No encoding is required.
Deprecation Notice: HTTP Basic Auth
Prior to LiquidFiles v4.3, the API used HTTP Basic Authentication with the API key as the username (e.g. curl --user API_KEY:x). This method still works for backward compatibility but is deprecated and will be removed no earlier than April 2027. We recommend updating your API clients to use Bearer Token authentication.